
LinkShim

Replicates the functionality of Facebook's LinkShim.

When you click on a link on Facebook to an external URL, they take you to a script on Facebook that redirects you to the link you requested. This is an important security feature, for the following reasons:

Protects People

Creates an opportunity to stop malicious and spammy sites in real time.

Protect Privacy

Websites know where you came from by the referrer attribute in the header. On most pages, this might not be an issue. But if I clicked on a link that was on my profile, the website could glean the fact that my Facebook username is "tommycrush" because my referrer would be "http://www.facebook.com/tommycrush". But when we use a redirect script, the referrer is simply "http://www.facebook.com/l.php".

Gather Analytics

A successful web company should know what's being linked to, who shared it, who clicked it, trends, etc. A redirect script creates that opportunity.

Learn More About Facebook's (& thus this) LinkShim

Matt Jones, an engineer at Facebook, wrote an excellent explanation of their LinkShim: https://www.facebook.com/note.php?note_id=10150492832835766

How to Setup

This project is meant to be a framework you can use to quickly set up a LinkShim. Thus, it is not comprehensive (for example, there is no user-specific logging, which would be necessary in production). Follow these steps to set it up:

1. Install Redis & Tornado

LinkShim uses Redis, a NoSQL technology, to maintain a spam watchlist, an analytics container, and a set of valid hashes (to prevent it from becoming an open redirector).

It also uses the Python [Tornado Framework](http://www.tornadoweb.org/), a scalable, non-blocking web server. I implemented this in Python rather than PHP so we can keep settings and database connections open between calls. In redirect engines, speed is of utmost importance (behind security, of course).

2. Change Settings

Download these files, place them where you want, and open `server.py`. Change the `admin_token` to something random/secure, and `listen_on_port` to the port you want to listen to, and `templates_dir` to the absolute path of your templates. (duh.)

3. Start er' Up.

`python server.py` will work for testing. In production, you'll want to use a daemon.

4. Create some Hashes

Have your frontend guys/gals hit `/hash?admin_token=YOUR_TOKEN&num=10` to create some hashes when they need them. By default, tokens are valid for 6 hours. This endpoint should really only be available internally for security reasons. It's on the same port for now just for the demo.

5. Include the JS and place the Hashes

Include the JS script on your page. Place one of the hashes in JS like so:

```html
<script type="text/javascript">
    LinkShim.init();

    LinkShim.addPageParams({
        pageVersion: 'a', // great for A/B testing!
        hash: 'CREATED_HASH',
        anyRandomPageVar: '3000'
    });
</script>
```
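How the valid-hash set keeps the shim from acting as an open redirector, as an added example (not the project's `server.py`): an in-memory `ShimState` stands in for Redis, and the class, method and action names are assumptions. It also assumes a hash may be reused until it expires.

```python
import secrets
import time
from urllib.parse import urlsplit

HASH_TTL_SECONDS = 6 * 60 * 60  # README default: hashes are valid for 6 hours


class ShimState:
    """In-memory stand-in for the Redis data (layout is an assumption)."""

    def __init__(self):
        self.valid_hashes = {}  # hash -> expiry time (Redis would use a TTL)
        self.watchlist = set()  # hostnames flagged as spam or malicious
        self.clicks = {}        # hostname -> click count, for analytics

    def create_hashes(self, num, now=None):
        """Issue `num` unguessable hashes, like the /hash endpoint would."""
        now = time.time() if now is None else now
        hashes = [secrets.token_urlsafe(16) for _ in range(num)]
        for h in hashes:
            self.valid_hashes[h] = now + HASH_TTL_SECONDS
        return hashes

    def decide(self, url, page_hash, now=None):
        """Return (action, target) for one click on an outbound link."""
        now = time.time() if now is None else now
        expiry = self.valid_hashes.get(page_hash)
        if expiry is None or now >= expiry:
            self.valid_hashes.pop(page_hash, None)  # drop expired entries
            return ("reject_hash", None)  # link was not issued by our pages
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            return ("reject_url", None)   # malformed URL
        if parts.scheme not in ("http", "https") or not host:
            return ("reject_url", None)   # only absolute http(s) targets
        if host in self.watchlist:
            return ("warn", None)         # show an interstitial, do not redirect
        self.clicks[host] = self.clicks.get(host, 0) + 1
        return ("redirect", url)
```

A request that arrives without a hash issued by your own pages is refused before the target URL is even parsed, so the endpoint cannot be used to bounce arbitrary visitors to arbitrary sites.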
